From 311670f3ea90115f2f1840e3e9770ed71e06e6c3 Mon Sep 17 00:00:00 2001 From: Ilpo Järvinen Date: Mon, 20 Oct 2008 03:33:24 -0700 Subject: netfilter: snmp nat leaks memory in case of failure Signed-off-by: Ilpo Järvinen Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/ipv4/netfilter/nf_nat_snmp_basic.c | 1 + 1 file changed, 1 insertion(+) (limited to 'net/ipv4') diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c index ffeaffc3fffe..8303e4b406c0 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.c +++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c @@ -742,6 +742,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, *obj = kmalloc(sizeof(struct snmp_object) + len, GFP_ATOMIC); if (*obj == NULL) { + kfree(p); kfree(id); if (net_ratelimit()) printk("OOM in bsalg (%d)\n", __LINE__); -- cgit v1.2.3 From fdc9314cbe027281b5440780692105d49b53cf2c Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 20 Oct 2008 03:34:51 -0700 Subject: netfilter: replace old NF_ARP calls with NFPROTO_ARP (Supplements: ee999d8b9573df1b547aacdc6d79f86eb79c25cd) NFPROTO_ARP actually has a different value from NF_ARP, so ensure all callers use the new value so that packets _do_ get delivered to the registered hooks. Signed-off-by: Jan Engelhardt Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/bridge/br_netfilter.c | 2 +- net/ipv4/arp.c | 4 ++-- net/netfilter/xt_NFQUEUE.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'net/ipv4') diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index a4abed5b4c44..fa5cda4e552a 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c @@ -719,7 +719,7 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff *skb, return NF_ACCEPT; } *d = (struct net_device *)in; - NF_HOOK(NF_ARP, NF_ARP_FORWARD, skb, (struct net_device *)in, + NF_HOOK(NFPROTO_ARP, NF_ARP_FORWARD, skb, (struct net_device *)in, (struct net_device *)out, br_nf_forward_finish); return NF_STOLEN; diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c index b043eda60b04..1a9dd66511fc 100644 --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c @@ -663,7 +663,7 @@ out: void arp_xmit(struct sk_buff *skb) { /* Send it off, maybe filter it using firewalling first. */ - NF_HOOK(NF_ARP, NF_ARP_OUT, skb, NULL, skb->dev, dev_queue_xmit); + NF_HOOK(NFPROTO_ARP, NF_ARP_OUT, skb, NULL, skb->dev, dev_queue_xmit); } /* @@ -928,7 +928,7 @@ static int arp_rcv(struct sk_buff *skb, struct net_device *dev, memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); - return NF_HOOK(NF_ARP, NF_ARP_IN, skb, dev, NULL, arp_process); + return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process); freeskb: kfree_skb(skb); diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c index 2cc1fff49307..f9977b3311f7 100644 --- a/net/netfilter/xt_NFQUEUE.c +++ b/net/netfilter/xt_NFQUEUE.c @@ -48,7 +48,7 @@ static struct xt_target nfqueue_tg_reg[] __read_mostly = { }, { .name = "NFQUEUE", - .family = NF_ARP, + .family = NFPROTO_ARP, .target = nfqueue_tg, .targetsize = sizeof(struct xt_NFQ_info), .me = THIS_MODULE, -- cgit v1.2.3